General

Target: sora.arm7
Size: 125KB
Sample: 211206-yq2apshhg9
MD5: 615efd8ebfe11f962016505691fa532f
SHA1: f598b05398e90890a67341ef02b804042505c13b
SHA256: 53fd73f8df2d6d452f79544e0e77b657c8a5986f3492cbfdec58d6a4e2f47185
SHA512: d826eae3dbf983a0b3cff6681f0d51b5e2e43d87855b9e0d9218c607d88c1c5759fad798fb4ca5c5d85610ddb5d660767ae4c2a0759cb03d1b69b5057159af85

Static task: static1

Behavioral task: behavioral1
Sample: sora.arm7
Resource: debian9-armhf-en-20211025

Malware Config

Targets

Target: sora.arm7
Score: 9/10

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from /proc virtual filesystem.